Maintaining a computer network includes the ongoing task of updating firewall rules and settings. Firewall access rules and object definitions have to be updated to support required changes in the connectivity of the network. For example, as a new application is deployed in the network, the services of the application should become accessible to their intended users, and the servers that implement the application should be able to communicate with each other. Adding servers, networks, and users to the network or changing the topology of the network might also require changes to the network connectivity. On the other hand, security audits might require blocking an access capability in the network to improve security.
An organization might have tens, hundreds, or even thousands of firewalls. Each firewall might include hundreds of access rules to support the requirements of the business and operational entities of the organization. When a change is required, it is not always simple to identify in which firewalls the change has to be implemented and how.
An uncontrolled implementation of changes might block the connection to critical services, or open access that enables cyberspace attacks. In both cases, significant damage can be caused. To reduce such risks, IT organizations apply processes for approving requested changes and verifying their proper implementation.
Most current techniques for supporting these processes are manual, use limited computer assistance, and apply relatively shallow checks. The result is a labor-intensive process with limited effectiveness in reducing the risk.
Therefore, there is a need for methods, systems, and computer program products for managing access change assurance.